With government figures showing that 9 out of 10 organisations suffered some form of data breach last year, a breach is a near certainty, no matter what the size of the organisation.
The impact on larger enterprises can be great in terms of the scale of costs and reputational damage suffered, especially if they attract media attention.
However, it can be argued that they have a distinct advantage over smaller growing businesses when it comes to protecting themselves against the threat of a data breach. Why? They have the structure, resources and budget to put solid data breach response plans and teams in place. For smaller, evolving businesses, these three things could present a challenge.
Structure – complex vs agile?
Large organisations are structured in a way that means, in the majority of cases, they will have the ability to put a robust, tried and tested data breach response plan in place.
It can be argued, however, that many smaller evolving organisations are potentially more agile and don't have the challenge that their larger counterparts face in terms of the complexity of having to work the corporate matrix. This flexibility can give smaller organisations the opportunity to swiftly progress data breach readiness auditing and planning. Yet, our research has found that almost a third don't have any kind of data breach response plan in place.
Resource – who should be involved?
Having a team in place to respond quickly and effectively can make all the difference. However, despite a third of SMEs admitting that they do not have a data breach response plan in place, an even greater number have not appointed the necessary internal or external teams required to manage the data breach event, leaving their ability to respond effectively and notify those affected to chance. This is in spite of the fact that nearly one in four SMEs know their customers would stop using them if the safety of their personal data was jeopardised.
Budget – the mistake of underestimation
It's easy to assume that most of the costs associated with managing a data breach are focussed on the preventative measures, such as IT, forensics and cyber security. However, businesses also need to take into account the financial burden of business disruption, lost sales and recovery of assets, as well as potential fines and compensation when a data breach strikes. Such costs can be significant, and our research revealed that many SMEs are severely underestimating the costs associated with managing and responding to a data breach.
SMEs estimate the average cost of a data breach to be £179,990. Government figures, however, place it at £310,800. This suggests that SMEs are underestimating the average cost of a data breach by £130,810. With four in five admitting that the financial impact would be significant to the day-to-day running of their business, SMEs are leaving themselves financially vulnerable should a data breach hit.
Growing public awareness of data breaches and scrutiny from those ultimately affected means businesses managing personally identifiable information (PII) need to put planning for a data breach at the heart of their business.